<?php

$_language->read_module('lostpassword');

eval ("\$title_lostpassword = \"".gettemplate("title_lostpassword")."\";");
echo $title_lostpassword;

if(isset($_POST['submit'])) {
	$email = trim($_POST['email']);
	if($email!=''){
		$ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE email = '".$email."'");
		$anz = mysql_num_rows($ergebnis);
	
		if($anz) {
	
			$bcrypt = new Bcrypt(15);
			
			$newpwd=RandPass(6);
			$newmd5pwd=md5(sha1(md5($newpwd)));
	
			$ds = mysql_fetch_array($ergebnis);
			safe_query("UPDATE ".PREFIX."user SET password='".$newmd5pwd."' WHERE userID='".$ds['userID']."'");
	
			$ToEmail = $ds['email'];
			$ToName = $ds['username'];
			$vars = Array('%pagetitle%', '%username%', '%new_password%', '%homepage_url%');
			$repl = Array($hp_title, $ds['username'], $newpwd, $hp_url);
			$header = str_replace($vars, $repl, $_language->module['email_subject']);
			$Message = str_replace($vars, $repl, $_language->module['email_text']);
	
			if(mail($ToEmail,$header, $Message, "From:".$admin_email."\nContent-type: text/plain; charset=utf-8\n"))
			echo str_replace($vars, $repl, $_language->module['successful']);
			else echo $_language->module['email_failed'];
	
	
		}
		else {
			echo $_language->module['no_user_found'];
		}
	}
	else{
		echo $_language->module['no_mail_given'];
	}
}
else {
	echo'<form method="post" action="lostpassword">
		 '.$_language->module['your_email'].': <input type="text" name="email" size="25" /> <input type="submit" name="submit" value="'.$_language->module['get_password'].'" />
		 </form>';
}

?>